Critics say Defense 'total information awareness' impractical

Security advocates and technology experts threw cold water on a controversial Defense Department plan to create a new counterterrorism system that would use information technology to sniff out clues to a possible terrorist assault and identify attackers before they strike. The critics said the system, currently being researched by the Pentagon, would violate civil liberties, undermine commerce and probably wouldn't work.

Charles Peña, a policy analyst with the libertarian Cato Institute in Washington, said it's statistically unlikely that the system could predict and pre-empt attacks and also avoid targeting innocent people as suspected terrorists. He said that if the system-which theoretically would analyze relationships among transactions such as credit card or airline ticket purchases-were applied to the entire population, almost as many people would incorrectly be identified as terror plotters as would be correctly fingered. That scenario would make the technology useless, said Peña, who argued against spending millions of dollars to develop it.

The Total Information Awareness (TIA) system is managed by the Defense Advanced Research Projects Agency (DARPA), the Pentagon's main research and development unit. It would use data retrieval, biometric identification and other technologies to analyze information in databases. DARPA has not yet said what databases would be searched, but controversy has engulfed the project amid fears that private purchases and travel patterns might become the subject of government inspection.

Peña, delivered his remarks Thursday at a briefing about the project for congressional staff members and journalists. He was joined by civil libertarians who derided the Pentagon's work as another in a growing list of excessive encroachments upon privacy and due process undertaken by the Bush administration since the Sept. 11 attacks.

Bob Levy, a Cato senior fellow, called upon officials to define the scope of the TIA system and to set limits on what it would collect, whom it would monitor and what people would have access to its data. Levy feared that without such clarification, the system could result in expansions of domestic enforcement surveillance and limitations on privacy rights already permitted by post-Sept. 11 legislation and executive actions.

Wayne Crews, Cato's director of technology policy studies, also said the TIA system could undermine electronic commerce, because business today is predicated on the sanctity of privately owned databases. He worried that if companies were forced to submit their databases to inspection by the system, the customer's assumption of privacy would be assailed.

The TIA system project is managed by former National Security Adviser John Poindexter, who was convicted after the Iran-Contra scandal on felony counts of lying to Congress. That conviction was overturned. Poindexter hatched the idea for the system and was hired by DARPA earlier this year on a contract basis to oversee it.

Levy echoed the concerns of many critics that Poindexter shouldn't be in charge of such a potentially sensitive national security tool, given his history of making false public statements. "The concern is not that [Poindexter] is not the right man for the job. The problem is that he may be the right man," Levy said.

Peña, said the administration's best public relations move would be, at least, to replace Poindexter with another manager.

Poindexter has repeatedly refused to grant interviews to the news media. However, his deputy, Robert Popp, has spoken to journalists and at public gatherings. He has emphasized that DARPA isn't building a machine to search information, but is testing the technological viability of the concept using fictional or legally obtained data. Additionally, Popp said, the agency is building privacy protections into the system's design, looking for ways to encrypt data so that only authorized people could see the name of a person associated with a piece of information.

Once DARPA's research is complete-probably in about three years-the agency would share the plans with agencies interested in using the system, Popp said. Likely interested parties would include the CIA, FBI, Homeland Security Department and National Security Agency.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.